d9e9a4f17e1100fc9e1a02f6ebf3403f1822b07b9a0f776799167309d425c221

Analysis

max time kernel
140s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 16:23

Target

07b3913b7b55c219ea85547efb2acca7_JaffaCakes118.dll
Size

42KB
MD5

07b3913b7b55c219ea85547efb2acca7
SHA1

4c9e58358887688ad2fc95c240b778b71df4b4bb
SHA256

d9e9a4f17e1100fc9e1a02f6ebf3403f1822b07b9a0f776799167309d425c221
SHA512

99a85c72d94061a2e09ad1526d3bee1d1811f6b05df277042c82d4e990036506e94a72457c0ac939d66ad8c7b7345282d33e5f80311a757cc59605973b92f995
SSDEEP

768:ulAqQidiEgzdbkpjhWToENNqDKt76mr7TKttBro7PpPJdTWBnRECriM:aA/6bgzB0FENNqCFr7TKJroBLanREC/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 2124	4536	rundll32.exe	83
PID 4536 wrote to memory of 2124	4536	rundll32.exe	83
PID 4536 wrote to memory of 2124	4536	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07b3913b7b55c219ea85547efb2acca7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\07b3913b7b55c219ea85547efb2acca7_JaffaCakes118.dll,#1
  2⤵
  PID:2124